Make sure all your passwords are 12 characters or more, ideally a lot more. I recommend adopting pass phrases, which are not only a lot easier to remember than passwords (if not type) but also ridiculously secure against brute forcing purely due to their length.

Quote

Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. These new hashes were specifically designed to be difficult to implement on GPUs. Do not use any other form of hash. Almost every other popular hashing scheme is vulnerable to brute forcing by arrays of commodity GPUs, which only get faster and more parallel and easier to program for every year.

PHP developers should look to the phpass library for a bcrypt implementation.

Re: PHP and Security Links

Posted 24 September 2012 - 03:32 AM

Hi JackOfAllTrades,

Great share. Today there are more chances of our website being hacked by hackers at any time, so to prevent our business website from being hacked we have to make it secure. And these are the most important resources to learn new things and ideas about how to secure your website.

Re: PHP and Security Links

Posted 10 June 2013 - 02:59 AM

Update: Now recommending the use of password_compat for PHP password hashing as it's forward-compatible with the upcoming PHP 5.5 release. Here is a video on password hashing by the author of this library:
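As an added example (not code from this thread or from the password_compat project), here is how the password_hash API recommended above is used for bcrypt hashing, verification and cost upgrades; it assumes PHP 5.5+ or, on older PHP, password_compat included from an assumed path.

```php
<?php
// On PHP >= 5.5 password_hash()/password_verify()/password_needs_rehash() are built in.
// On PHP 5.3.7 - 5.4, password_compat supplies the same functions (assumed include path).
if (!function_exists('password_hash')) {
    require_once __DIR__ . '/password_compat/lib/password.php';
}

// bcrypt work factor: 2^cost rounds. Tune it so one hash takes tens of milliseconds
// on the production server, and raise it as hardware gets faster.
const BCRYPT_COST = 12;

function hash_password($plaintext)
{
    // Let PHP generate a random salt; never pass your own.
    // Caveat: bcrypt only uses the first 72 bytes of the input, so a very long
    // pass phrase is silently truncated at that point.
    return password_hash($plaintext, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST));
}

function check_password($plaintext, $stored_hash)
{
    // Constant-time comparison of the candidate against the stored hash.
    return password_verify($plaintext, $stored_hash);
}

// Call right after a successful login, while the plaintext is available.
// Returns a fresh hash when the stored one uses a lower cost or a different
// algorithm (for example a legacy MD5 hash carried over from an old schema), else null.
function rehash_if_needed($plaintext, $stored_hash)
{
    $opts = array('cost' => BCRYPT_COST);
    if (password_needs_rehash($stored_hash, PASSWORD_BCRYPT, $opts)) {
        return hash_password($plaintext);
    }
    return null;
}

// Constructed demonstration values.
$passphrase = 'correct horse battery staple';   // a pass phrase, as the quoted advice suggests
$hash = hash_password($passphrase);
echo 'stored hash: ', $hash, PHP_EOL;
echo 'correct phrase verifies: ', var_export(check_password($passphrase, $hash), true), PHP_EOL;
echo 'wrong phrase verifies: ', var_export(check_password('wrong phrase', $hash), true), PHP_EOL;

// A hash made with a lower cost (or a legacy md5 hex string) is flagged for upgrade.
$old_cost_hash = password_hash($passphrase, PASSWORD_BCRYPT, array('cost' => 10));
echo 'old-cost hash needs rehash: ', var_export(rehash_if_needed($passphrase, $old_cost_hash) !== null, true), PHP_EOL;
$legacy_md5 = md5($passphrase);
echo 'legacy md5 needs rehash: ', var_export(rehash_if_needed($passphrase, $legacy_md5) !== null, true), PHP_EOL;
```

Store the returned hash string as-is (it embeds the algorithm, cost and salt), and replace it in the database whenever rehash_if_needed() returns a new one.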